From: Leo Wandersleb
Date: Mon, 2 Jun 2025 23:06:35 +0200
Subject: [bitcoindev] Pre-emptive commit/reveal for quantum-safe migration (poison-pill)
To: Bitcoin Development Mailing List

Hi all,

I'd like to propose a variant of the commit/reveal schemes being discussed for quantum resistance, but with a different goal and timeline. This builds on ideas from the recent thread "Post-Quantum commit / reveal Fawkescoin variant as a soft fork" but targets a different use case.

## The Problem

Current discussions focus on emergency reactive measures - what to do *after* quantum computers arrive. But this leaves users in a difficult position:

1. They can't prove ownership of their coins without revealing pubkeys (and thus becoming vulnerable)
2. Moving coins to quantum-safe addresses early reveals which addresses are active vs. abandoned
3. There's no way to prepare for migration without exposing yourself

## Pre-emptive Commit/Reveal

What if users could commit *today* to future migration transactions, without revealing which UTXOs they control?

The idea is simple:

- Users create and sign transactions moving their funds to quantum-safe addresses
- They compute a Merkle tree of all these transactions
- They publish only the root hash (e.g., in an OP_RETURN)
- This can be done today, with no consensus changes

If/when quantum computers become a threat:

- We soft fork to require at least n confirmations on quantum vulnerable transactions
- Transactions work as always but can't be spent for n blocks
- If attacked, the victim can reveal the commitment to execute the recovery transaction

## Key Advantages

1. **No consensus changes needed now** - Users can start protecting themselves immediately
2. **Privacy preserved** - The commitment reveals nothing about which UTXOs you own
3. **Efficient** - One hash can commit to migrations for all your UTXOs or even the UTXOs of several users
4. **Flexible** - Works whether or not a quantum computer ever actually appears

## Differences from Tadge's Proposal

While Tadge's proposal solves post-quantum spending where any pubkey reveal is dangerous, this proposal is about preparation:

- **Timing**: Pre-quantum (can start now) vs. post-quantum (activates after QC appears)
- **Scope**: Migration to quantum-safe addresses for all address types in the worst case vs. general spending of hashed pubkeys

Both use the same cryptographic primitive (commit/reveal) but for different phases of the quantum transition.

This approach lets users protect their funds without waiting for consensus changes or revealing their holdings. It's a "poison pill" against quantum attackers - they might steal coins, but pre-committed owners can reclaim them.

Would love to hear thoughts on this approach.

Leo Wandersleb
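
The commit step and the later reveal described in the message, as an added example that is not part of the original post: it builds the Merkle root over a set of signed migration transactions and then proves a single transaction against that root without disclosing the others. The message does not specify a tree construction, so the tagged SHA-256 hashing, the promotion of unpaired nodes, the function names and the sample transaction bytes are all assumptions.

```python
import hashlib

LEAF, NODE = b"\x00", b"\x01"  # assumed domain-separation tags

# Constructed placeholders standing in for serialized, signed migration transactions.
SAMPLE_TXS = [b"constructed-signed-tx-%d" % i for i in range(5)]

def tagged_hash(tag: bytes, data: bytes) -> bytes:
    # Distinct tags keep an inner node from ever being accepted as a leaf.
    return hashlib.sha256(tag + data).digest()

def tree_levels(signed_txs):
    """All tree levels, bottom-up. An unpaired node is promoted unchanged
    instead of being duplicated, so two different leaf sets cannot share a root
    through repeated leaves."""
    if not signed_txs:
        raise ValueError("nothing to commit to")
    levels = [[tagged_hash(LEAF, tx) for tx in signed_txs]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [tagged_hash(NODE, cur[i] + cur[i + 1])
               for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])
        levels.append(nxt)
    return levels

def commit(signed_txs) -> bytes:
    """32-byte root: the only value published at commit time."""
    return tree_levels(signed_txs)[-1][0]

def prove(signed_txs, index: int):
    """Sibling path for one transaction as (sibling_hash, sibling_is_left) pairs."""
    path = []
    for level in tree_levels(signed_txs)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            path.append((level[sibling], sibling < index))
        index //= 2
    return path

def verify(root: bytes, signed_tx: bytes, path) -> bool:
    """Reveal-time check: does this transaction belong to the published root?"""
    node = tagged_hash(LEAF, signed_tx)
    for sibling, is_left in path:
        node = tagged_hash(NODE, sibling + node if is_left else node + sibling)
    return node == root
```

A reveal discloses one transaction plus its sibling hashes; the remaining committed transactions stay hidden behind those hashes.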